Search for packages
| purl | pkg:deb/debian/libcommons-fileupload-java@1.2.2-1%2Bdeb6u2 |
| Next non-vulnerable version | 1.3.1-1+deb8u1 |
| Latest non-vulnerable version | 1.3.1-1+deb8u1 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3txt-1psa-5kf5
Aliases: CVE-2014-0050 GHSA-xx68-jfcg-xmmf |
Denial of service `MultipartStream.java` in this package allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted `Content-Type` header that bypasses a loop's intended exit conditions. |
Affected by 1 other vulnerability. |
|
VCID-f2vg-xm25-ekd1
Aliases: CVE-2013-2186 GHSA-qx6h-9567-5fqw |
Arbitrary file upload via deserialization The DiskFileItem class in this package allows remote attackers to write to arbitrary files via a `NULL` byte in a file name in a serialized instance. |
Affected by 1 other vulnerability. |
|
VCID-qthw-u9bp-zkdp
Aliases: CVE-2016-3092 GHSA-fvm3-cfvj-gxqq |
Denial of Service The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:42:57.525638+00:00 | Debian Oval Importer | Affected by | VCID-qthw-u9bp-zkdp | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 38.6.0 |
| 2026-06-04T20:26:45.304477+00:00 | Debian Oval Importer | Affected by | VCID-3txt-1psa-5kf5 | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 38.6.0 |
| 2026-06-04T20:12:53.038779+00:00 | Debian Oval Importer | Affected by | VCID-f2vg-xm25-ekd1 | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 38.6.0 |